Lynx Hackers Strike Major Romanian Power Company in Ransomware Attack

Lynx Hackers Strike Major Romanian Power Company in Ransomware Attack

Romanian Energy Giant Electrica Hit by Lynx Ransomware Attack

Romania’s major electricity supplier, Electrica Group, has fallen victim to a cyberattack by the Lynx ransomware gang, as confirmed by the Romanian National Cybersecurity Directorate (DNSC). Electrica, which serves over 3.8 million users across Muntenia and Transylvania, discovered the breach while critical power systems remained unaffected.

Energy Minister Sebastian Burduja confirmed that the company’s SCADA and critical infrastructure systems were successfully isolated during the attack. DNSC has provided a YARA script to help organizations detect potential compromises and strongly advised against paying any ransom demands.

The Lynx Ransomware Operation, active since July 2024, has claimed over 78 victims, particularly targeting energy, oil, and gas sectors. The group’s malware appears to be based on INC Ransom’s source code, which was reportedly offered for sale on hacking forums for $300,000 in May.

This incident follows a series of cyber challenges in Romania, including:
– Over 85,000 cyberattacks on election infrastructure
– A Backmydata ransomware attack affecting 100+ hospitals
– Disruption of the presidential elections due to a Russia-linked TikTok influence campaign

Electrica, listed on both London and Bucharest stock exchanges since 2014, continues to investigate the incident with national cybersecurity authorities while maintaining essential services for its customers.

Share This Article